From 702a057683c51f4fdbaaeb8f963ec282caab6d14 Mon Sep 17 00:00:00 2001
From: Dries Buytaert <dries@buytaert.net>
Date: Sun, 25 Jul 2004 14:25:42 +0000
Subject: - Patch #9478 by JonBob: allow printf-style arguments in pager_query.

  Currently pager_query() is the black sheep of the database query family, because it does not allow for printf-style arguments to be inserted in the query. This is a problem because it introduces developer confusion when moving from an unpaged query to a paged one, and it encourages substitution of variables directly into the query, which can bypass our check_query() security feature.

  This patch adds this ability to pager_query(). The change is backwards-compatible, but a couple calls to the function in core have been changed to use the new capability.
---
 modules/profile/profile.module | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'modules/profile/profile.module')

diff --git a/modules/profile/profile.module b/modules/profile/profile.module
index 61eca0aa2..b61470b39 100644
--- a/modules/profile/profile.module
+++ b/modules/profile/profile.module
@@ -83,7 +83,7 @@ function profile_browse() {
     }
 
     // Extract the affected users:
-    $result = pager_query("SELECT u.uid FROM {users} u INNER JOIN {profile_values} v ON u.uid = v.uid WHERE v.fid = $field->fid AND $query ORDER BY u.changed DESC", 20);
+    $result = pager_query("SELECT u.uid FROM {users} u INNER JOIN {profile_values} v ON u.uid = v.uid WHERE v.fid = %d AND $query ORDER BY u.changed DESC", 20, 0, NULL, $field->fid);
 
     $output = '<div id="profile">';
     while ($account = db_fetch_object($result)) {
-- 
cgit v1.2.3